Scam Alert – Phishing Scams
There are new data protection laws coming into place at the end of May 2018 across the EU (UK included).
Unless you run a business or organisation, you shouldn’t have to worry about the changes in the new GDPR directive (big changes to data protection laws) but you should be on your guard for the latest scams which are currently surfacing.
This blog post is to alert you of the scams rather than go into details of the new changes in the data protection laws.
Scammers are sending out mass emails claiming to be from well known companies, advising that in order to comply with the new legalisation, you should click the link within the email to verify your account or to confirm that you agree with the new terms.
What actually happens is this: you follow the link which takes you to a page that looks like a login page for that company. You enter your details and click login. Boom. You’ve just sent your details away to fraudsters who now know your username and password for that account. Worse still, if you use the same password for other things you could be in real trouble.
This isn’t a new scam. This has been doing the rounds for years. However you may start receiving legitimate emails from companies asking you to do just this in order for them to comply with the new laws. This is exactly the time when fraudsters attempt to take advantage.
Phishing in murky water
How to Tell If It’s Real
Within email on web mail, if you roll your mouse over the link in the email, the URL (the link) will appear down at the bottom of the browser window. Within the URL, the part to pay close attention to is the last dot before .com or .uk
The example we’ll use is iTunes. If the URL is itunes.apple.zjks.su/hl/dddhs this is a scam. The last dot is before su, (before any / forward slashes) the website you are landing on is zjks.su, nothing to do with Apple.
A real email from Apple would look something like this buy.itunes.apple.com/WebObjects/MZFinance.woa/
The word that comes before the last dot (before any / forward slashes) is the domain, the letters after the last dot are the TLD (country).
If you are using a tablet or smartphone, click and hold the link and you’ll see the URL (beginnning with http or https). The last dot before the com before the forward slashes!
Confused dot com?
Here’s the best thing to do: Never click a link within an email unless you are absolutely certain that it is genuine. Instead, come out of your email and go directly to that site and login. If there is an alert to agree to new conditions or verify your account, do so from within that website, not via a link.
As always here on the Computroon Support blog, I’ll try and keep you up to date and safe online when I become aware of new or trending scams.